If you thought Hello Barbie was creepy, wait until you hear what NBC is doing...

There are some pretty unnerving Orwellian undertones in NBC's announcement of supposed Netflix viewing numbers.  Netflix doesn't post viewing numbers, so it's hard for traditional media corporations like NBC to understand how Netflix original programming is doing compared to traditional broadcast media.  If you thought Hello Barbie was creepy, just wait until you see what NBC cooked up to track Netflix viewing numbers.

At least Hello Barbie's necklace lights up so you know when she's listening

NBC reportedly solved this problem using software from Symphony Advanced Media.  The Symphony software passively monitors the environment around smart phone microphones that have certain applications installed.  The article doesn't make it clear what those applications are, how they are installed, or by whom.  The Symphony website isn't much help in determining this either.  But in order to capture this data, the applications would have to listen all the time.  Hello Barbie stoked earlier privacy fears, but at least she requires you to press her belt buckle to start listening   She also lights up and there's an audio warning chime before she begins to listen.

In any case, NBC used the software to detect the viewing habits of Netflix viewers by listening for theme music of Netflix original shows.  The reported numbers were in the millions of viewers, though this data was probably extrapolated from a much smaller sample set of viewers.  Though Symphony rents a panel purporting 15,000 people, it seems too small to base NBC's large viewer numbers on.

I for one don't want a creepy smartphone application listening passively for theme music.  Because if it is listening for anything, it's listening for EVERYTHING. But forget my privacy for a second.  What about corporate infosec concerns?  Let's suppose for a moment that the Symphony software isn't being installed surreptitiously (and if it isn't yet, it will be).  If one of your employees installs the software on their phone to become part of some paid panel and then brings the device to work, what are the ramifications?  Hard to say without first understanding how the Symphony software works.

New technologies (and even new classes of technologies) are inevitable.  At Rendition Infosec, we advised clients that they needed policies surrounding Google Glass while it was still in early Beta.  Without policies concerning passive monitoring "always on" technologies, organizations place themselves at huge risk for inadvertent data exposure.  Without a policy governing the authorized use of the devices, nothing is against the rules and anything goes.  Picture the wild wild west.

Before we allow these technologies in the workplace, we should have a clear understanding of how data is retained and how data is transmitted (at a minimum).  Sooner or later, any passive monitoring device is certain to hear something you wish it hadn't.

Employee education is key in keeping these technologies out of our workplaces.  If your security awareness training (BYOD is an infosec issue) doesn't cover this, it should.  Consider updating them as needed.  As always, use these sorts of events to start the discussion about infosec concerns in the workplace.  The days of sitting on the sidelines until retirement are long gone.